Merge pull request #147 from gyuho/use_stdpkg_basicauth

server: use standard lib http.Request.BasicAuth

pkg/http/http.go

@@ -1,7 +1,6 @@
 package http
 
 import (
-	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"net/http"
@@ -29,30 +28,6 @@ func WriteError(w http.ResponseWriter, code int, msg string) {
 	w.Write(b)
 }
 
-// BasicAuth parses a username and password from the request's
-// Authorization header. This was pulled from golang master:
-// https://codereview.appspot.com/76540043
-func BasicAuth(r *http.Request) (username, password string, ok bool) {
-	auth := r.Header.Get("Authorization")
-	if auth == "" {
-		return
-	}
-
-	if !strings.HasPrefix(auth, "Basic ") {
-		return
-	}
-	c, err := base64.StdEncoding.DecodeString(strings.TrimPrefix(auth, "Basic "))
-	if err != nil {
-		return
-	}
-	cs := string(c)
-	s := strings.IndexByte(cs, ':')
-	if s < 0 {
-		return
-	}
-	return cs[:s], cs[s+1:], true
-}
-
 func cacheControlMaxAge(hdr string) (time.Duration, bool, error) {
 	for _, field := range strings.Split(hdr, ",") {
 		parts := strings.SplitN(strings.TrimSpace(field), "=", 2)

server/http.go

@@ -418,7 +418,7 @@ func handleTokenFunc(srv OIDCServer) http.HandlerFunc {
 
 		state := r.PostForm.Get("state")
 
-		user, password, ok := phttp.BasicAuth(r)
+		user, password, ok := r.BasicAuth()
 		if !ok {
 			log.Errorf("error parsing basic auth")
 			writeTokenError(w, oauth2.NewError(oauth2.ErrorInvalidClient), state)